SYSTEM FOR PROTECTING FROM UNAUTHORIZED ENTRY INTO
AND/OR ACCESS TO RECORDS IN A RECORD DATABASE 

Field of the Invention 

The present invention relates to an improved system for protecting from unauthorized 
access to and/or entry into records of individuals in a database, and more particularly to a 
system for protecting medical records in a national medical record database. 

Background of the Invention 

As a person moves from birth to death, health care providers make records of his or 
her state of health and the medical intervention provided. A person's entire record includes 
record fragments recorded at different times, and usually recorded and stored at different 
physical locations. These record fragments include records stored on paper and film and 
more recently digital data records. 

The doctor's office, hospital, HMO, or other medical entity that prepares the record 
usually stores the record at a physical location it selects, using its own addressing and 
security systems to access and protect the record. The entity that prepares the record usually 
considers the record to be its property, rather than the property of the patient. The present 
state of medical records provides relatively good physical security for the records. Digital 
records stored in a database are typically accessible only over a secure local network. In 
addition, there is today no practical way to access a complete medical history of a person 
when different record fragments are stored by different health care entities. Transfer of data 
between health care entities is slow at best and not practical at all in many instances due to
incompatibility of the databases. 

Relatively recent technologies, such as the Internet and large database managers, have 
made it practical to have a national medical record database where a health care provider 
could easily and immediately access a patient's medical records prepared by any entity at any 
time. Access can be over a public network such as the Internet using web browser 
technology. The national medical record database could reside in one or more physical 
databases. The data could also reside in the databases of the health care entities that prepared 
them with hyper-links to a patient's record in each database so that the entire record could be 
assembled via the Internet using web browser technology. A combination of physical and 
virtual databases could be used. In any case, each person will have a medical identification 
(ID) for use in addressing the national medical record database when storing data in it or 
retrieving data from it. This ID could be preexisting personal numbers, special PIN numbers 
selected in secret, or a specific number issued by the manager of the national record database. 
While the advantages of a national medical database in providing improved care are clear, 
such a database raises data security concerns. Today, most medical records are not accessible 
over a public network. With a national medical record database, most medical records would 
be accessible. Today, an authorized or unauthorized person must know not only whose 
record he or she wants, but also where the record is kept and how to access records from that 
database. Tomorrow without increased security the unauthorized person may need to know 
only a person's medical ID and how to access the national medical database. 

It is thus desirable that a more secure way of controlling access to a record such as, 
e.g., a medical record, be provided. 

Summary of the Invention

A feature of the present invention is a system that protects a record of an individual in
a central database from access by unauthorized parties. More particularly, the present
invention can protect against unauthorized access of a record in a central database accessible
via a public network such as, e.g., the Internet.

The present invention contemplates records in a central database (e.g., a national 
medical record database or a central financial database) protected by personal identification 
codes. Personal identification codes can include a person's assigned ID code. Examples of a 
person's assigned ID code include, e.g., a Universal Health Identification number, a Social 
Security number, or other alphanumeric string. Personal identification codes can also include
biometrics, such as, e.g., one or more digital codes generated by one or more biometric 
physical characteristics of a person. Biometric physical characteristics of a person can 
include, e.g., an encoded finger print, a voice print, a signature print or a retinal scan. 

These personal identification codes (assigned ID codes and biometrics) can be used to 
control access to a central database. For example, the personal identification codes can be
used to grant access to certain approved individuals to the central database, and to identify 
and grant access to a particular record/file within the central database. 

Various methods can be used to control access to the contents of the central database 
according to the present invention. Several exemplary techniques are described for 
establishing a secure central record database according to the present invention.

A feature of this invention is a system that protects a record of an individual in a
record database generally, and a record in a database accessible via a public network
more particularly, from access by unauthorized parties.

Briefly, this invention contemplates records in a record database (for example, a
national medical record database) protected by a digital code generated by a physical
characteristic of the person (e.g., an encoded finger print, voice print, signature scan, or
retinal scan) attached to each person's protected record in the database in addition to a 
person's assigned ID code (e.g., Social Security Number). Access via the ID can be selected 
in accordance with preestablished instructions mandated by the individual. For example, 
some individuals will be more interested in medical personnel having ready access to their 
record and can specify instructions consistent with this concern. In addition, some 
individuals may be concerned about the privacy of certain parts of their medical history, but 
not others, and can specify instructions consistent with this concern. 

In one embodiment of the invention, a protected record cannot be entered or accessed 
from the national database unless the request is accompanied by the physical characteristic 
code that matches the physical characteristic code associated with the protected record. Each 
individual, who participates in the national medical database, can provide via a transducer a 
physical characteristic sample (e.g., a voiceprint, fingerprint or signature). This sample can be 
digitally encoded and attached to a person's entire record in the national database. The record 
can also be stored in the database of the healthcare provider who generates the record and 
those records can be accessible by that healthcare provider without requiring the physical 
identifier code if the individual agrees to such access. For the foreseeable future, following 
the establishment of a national medical database, health care providers can continue to 
maintain their own databases for the records they generate and, subject to agreement by the 
individual, can continue to control access to their respective databases. The record can be 
stored also in the national database, where records can be accessed from authorized terminals 
by predesignated professionals authorized by the individual using that person's ID. In 
contrast, access to protected records can require, in addition to the person's ID, the person's
physical characteristic code, which is encoded as part of the request message. To authorize
access to or entries into records with a highest level of protection, the system, in one
embodiment, can require the physical presence of the individual. Here a transducer
associated with the terminal at which the request is made, can transduce and encode the
physical characteristic of the person whose protected record is sought and who is authorizing
the request.

In one embodiment of the invention, a method for maintaining an individual's record
in a record database with access to the record controlled by the individual features the steps
of linking a plurality of data input/output terminals to a record database via a network,
assigning each individual an ID number code, transducing an identifying characteristic of
each individual to a digital identifying characteristic code, storing said ID number code and
said digital identifying characteristic code in an ID and identifying code database, calculating
an access code by algorithmically combining said ID number code and said digital identifying
characteristic code, storing an individual's record in said record database accessible by said
access code, querying said record database from one of said plurality of data input/output
terminals by transmitting a query that includes sending a query ID number code, and a query
digital identifying characteristic code, calculating a query access code by algorithmically
combining said query ID number code and said query digital identifying characteristic code,
and retrieving a query record from said record database using said query access code,
comparing said query ID number code and said query identifying characteristic code
transmitted in said querying step with said identifying characteristic code and said ID number
code stored in said ID and identifying code database, transmitting said record with said ID
number code to said one of said plurality of data input/output terminals in response to said
querying step only if the codes compared in said comparing step match within predetermined
limits.

In another embodiment, a method for maintaining an individual's record in a record
database with access to the record controlled by the individual is described, including
steps of linking a plurality of data input/output terminals to a record database via a network,
assigning each individual an ID number code, storing said ID number code in an ID database,
transducing an identifying characteristic of each individual to a digital identifying
characteristic code, storing said digital identifying characteristic code in an identifying
characteristics code database, calculating an access code by algorithmically combining said
ID number code and said digital identifying characteristic code, storing said access code in an
access code database, storing an individual's record in said record database accessible by said
access code, querying said record database from one of said plurality of data input/output
terminals by transmitting a query that includes sending a query ID number code, and a query
digital identifying characteristic code, calculating a query access code by algorithmically
combining said query ID number code and said query digital identifying characteristic code,
and retrieving a query record from said record database using said query access code,
comparing said query ID number code with said ID number stored in said ID database and
comparing said query identifying characteristic code with said identifying characteristic code
stored in said identifying characteristic code database, comparing said query access code
with said access code stored in said access code database, transmitting said record along with
said ID number code to said one of said plurality of data input/output terminals in response to
said querying step only if the codes compared in said comparing steps match within
predetermined limits.

Another example embodiment features a method for maintaining an individual's
record in a record database with access to the record controlled by the individual, including
the steps of linking a plurality of data input/output terminals to a record database via a
network, assigning each individual an ID number code, transducing an identifying
characteristic of each individual to a digital identifying characteristic code, calculating an
access code by algorithmically combining said ID number code and said digital identifying
characteristic code, storing said access code in an access code database, storing an
individual's record in said record database accessible by said access code, querying said
record database from one of said plurality of data input/output terminals by transmitting a
query that includes, sending a query ID number code, and a query digital identifying
characteristic code, calculating a query access code by algorithmically combining said query
ID number code and said query digital identifying characteristic code, and retrieving a query
record from said record database using said query access code, comparing said query access
code with said access code stored in said access code database, transmitting said record along
with said ID number code to said one of said plurality of data input/output terminals in
response to said querying step only if the codes compared in said comparing step match
within predetermined limits.

Further features and advantages of the invention, as well as the structure and operation
of various embodiments of the invention, are described in detail below with reference to the
accompanying drawings. In the drawings, like reference numbers generally indicate identical,
functionally similar, and/or structurally similar elements. The drawing in which an element
first appears is indicated by the leftmost digits in the corresponding reference number.

Brief Description of the Drawings

The foregoing and other features and advantages will be better understood from the
following detailed description of a preferred embodiment of the invention with reference to
the drawings, wherein:

FIG. 1 is a block diagram showing an example workflow providing a patient access to
a medical record by using an ID code and a biometric code;

FIG. 2 is a block diagram showing another example workflow with enhanced security
features;

FIG. 3 illustrates another workflow method for providing patient medical record
access with additional security features; and

FIG. 4 illustrates yet another patient medical record access method having security
features.



Detailed Description of a Preferred Embodiment of the Invention 
The preferred embodiment of the invention is discussed in detail below. While 
specific implementations are discussed, it should be understood that this is done for 
illustration purposes only. A person skilled in the relevant art will recognize that other
components and configurations may be used without parting from the spirit and scope of the 
invention. 

WO 00/26823

PCT/US99/26090

FIG. 1 illustratively depicts a block diagram 100 including an example workflow by
which a patient 102 can gain access to a record associated with patient 102 at a requesting site
120 according to one embodiment of the present invention. In one embodiment, the block
diagram 100 begins with the patient 102 or a person authorized by the patient 102, inputting
or being assigned personal identification codes such as, e.g., an ID number code 104 and a
biometric code 106. The personal identification codes 104, 106, can be used to confirm the
identity of a person 120 requesting access to a central records database 116. The ID number
code 104 and biometric code 106 are inputted into an ID & biometric database 112 as shown
by lines 108 and 110, respectively. The ID & biometric database 112 can verify that there is a
match between the ID number and biometric inputted into ID number code 104 and biometric
code 106 and the records stored in ID & biometric database 112. If both the ID code 104 and
biometric code 106 match the records of approved lists of IDs stored in ID & biometric
database 112, then access can be granted to a particular record using an ID code 114 which
can be used to identify a particular record/file in the central records database 116. The ID
code 114 can be used to query records database 116 to obtain the individual record for
patient 102. The individual record can be associated with the ID code 114 and can then be
transmitted back to the requesting site 120 for use by, e.g., an authorized user such as a
doctor. Requesting site 120 could be a doctor's office or a hospital, for example.

FIG. 2 illustratively depicts a block diagram 200 including another example workflow
by which patient 102 can gain access to a record associated with patient 102 at a requesting
site 120 according to another embodiment of the present invention. The block diagram 200
depicts another example method which provides enhanced security features. The method
of block diagram 200 includes using a special access code 204 to identify (i.e., index) records
in a records database 216, instead of ID code 114.

The block diagram 200 begins similarly to diagram 100. As in the technique of FIG.
1, personal identification codes (ID number code 104 and biometric code 106) can be used to
confirm the identity of a person such as, e.g., a patient 102, requesting access to a record/file
in central records database 216. The ID number code 104 and biometric code 106 can be
inputted into ID & biometric database 112 as shown as lines 108 and 110, respectively. If
both the ID number code 104 and biometric code 106 match an approved list in ID &
biometric database 112, then a special access code 204 can be calculated. The special access
code 204 can be calculated by an access code calculator 202 which can receive as input the
verified ID number code and biometric code 220. The access code calculator 202 can
calculate the special access code 204 by combining the individual's ID number code 104 with
one or more biometric codes 106 according to an algorithm, yielding an algorithmic result.
One embodiment of the special access code 204 could be a hash digest. In one embodiment
of the invention the access code 204 can be calculated by executing an algorithm as shown
below in Table 1.

ID Code + Biometric Code(s) + Algorithm = Computed Special Access Code - Access to Protected Record

Table 1. 

Special access code 204 can provide access to a separate records database 216, and can be
used to identify and grant access to a particular record/file stored in the records database 216.
The technique of the present invention illustrated in FIG. 2 provides a higher level of
security than that of FIG. 1. In particular, since the special access code 204 of FIG. 2, used
to grant access to and to identify records in the central records database 216, is not known to
any individual (i.e., including the individual accessing the information), a higher level of
security is maintained. The special access code 204 never leaves the confines of the central
record database 216. The central record database 216 itself does not contain any names or
other identifying information beyond the special access code 204. If an approved access code
204 is generated, then an individual record associated with the access code 204 can be
accessed from the record database 216. Once a record has been accessed via an approved
access code 204, the record can be delivered/transmitted 208 with the access code to an
access code match module 210 which can also receive an ID code and access code 206.
Access code match module 210 can then associate the individual record with the ID. Access
code match module 210 can then transmit the ID and individual record 212 to an individual
record with ID storage module 214 which can then be accessed by the authorized requesting
individual. Thus the individual record can be sent back to the requesting individual with the
original ID code for identification purposes. No other identifiable information, including the
special access code 204, need be transmitted back. After the individual record is downloaded
and has been used, it can be eliminated or destroyed at the local level to maintain privacy
requirements, e.g., using an automatic routine.
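
The FIG. 2 workflow described above, sketched as an added example that is not code from the patent. Assumptions: the "Algorithm" of Table 1 is HMAC-SHA256 under a server-side key, biometric codes are fixed-length bit strings matched by Hamming distance, and every name below is hypothetical. Because a fresh biometric sample only matches "within predetermined limits", the access code is computed from the enrolled code, not from the query sample, which would hash to a different value.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side key stands in for the "Algorithm" of Table 1.
CALCULATOR_KEY = secrets.token_bytes(32)
# Assumption: the "predetermined limit" is a maximum number of differing bits.
MAX_BIT_DIFF = 6


def bit_distance(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length biometric codes."""
    if len(a) != len(b):
        raise ValueError("biometric codes must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def calculate_access_code(id_code: str, biometric_code: bytes) -> str:
    """Access code calculator 202: keyed digest of ID code plus biometric code."""
    encoded_id = id_code.encode("utf-8")
    # The length prefix keeps distinct (ID, biometric) pairs from colliding
    # when the two fields are concatenated.
    message = len(encoded_id).to_bytes(2, "big") + encoded_id + biometric_code
    return hmac.new(CALCULATOR_KEY, message, hashlib.sha256).hexdigest()


class RecordSystem:
    """Hypothetical model of the FIG. 2 components."""

    def __init__(self):
        self.id_biometric_db = {}  # database 112: ID code -> enrolled biometric code
        self.records_db = {}       # database 216: access code 204 -> record only

    def enroll(self, id_code, biometric_code, record):
        self.id_biometric_db[id_code] = biometric_code
        code = calculate_access_code(id_code, biometric_code)
        self.records_db[code] = record  # no name or ID stored beside the record

    def query(self, id_code, sample):
        """Return {'id', 'record'} for a verified request, else None."""
        enrolled = self.id_biometric_db.get(id_code)
        if enrolled is None or len(sample) != len(enrolled):
            return None
        if bit_distance(enrolled, sample) > MAX_BIT_DIFF:
            return None
        # Use the enrolled code: the noisy sample would give another digest.
        code = calculate_access_code(id_code, enrolled)
        record = self.records_db.get(code)
        if record is None:
            return None
        # Match module 210: the record goes back with the ID only; the
        # access code itself is never returned to the requesting site.
        return {"id": id_code, "record": record}


def demo():
    """Run the workflow on constructed sample data."""
    system = RecordSystem()
    enrolled = bytes(range(32))  # constructed 256-bit biometric code
    system.enroll("ID-0001", enrolled, "constructed sample record")

    noisy = bytearray(enrolled)
    noisy[0] ^= 0b00000111       # same person, 3 bits of sensor noise
    noisy = bytes(noisy)
    impostor = bytes(b ^ 0xFF for b in enrolled)  # every bit differs

    return {
        "noisy_match": system.query("ID-0001", noisy),
        "impostor": system.query("ID-0001", impostor),
        "unknown_id": system.query("ID-9999", enrolled),
        "noisy_code_differs": calculate_access_code("ID-0001", noisy)
        != calculate_access_code("ID-0001", enrolled),
        "db_keys": list(system.records_db),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```
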

FIG. 3 illustratively depicts a block diagram of another method 300 providing an even
higher level of security than that shown in FIG. 2. As in the technique of FIG. 2, method
300 uses a central database 316 that contains only the records/files and special access codes
322 needed to grant access to and to identify particular records/files in records database 316.
The method 300 differs from method 200 in several ways.

Method 300 maintains an ID codes database 304 and a biometric database 306. ID
number code 104 can be stored 108 in ID database 304. Storing ID number codes 104 in ID
database 304 permits a verification comparing an input ID number code 104 to stored ID
codes in ID database 304. Similarly, biometric code 106 can be stored 110 in biometric
database 306. Storing biometric codes 106 in biometric database 306 permits a verification
comparing an input biometric code 106 to stored biometric codes in biometric database 306.
Using separate databases 304 and 306 for ID and biometric codes, respectively, increases
security since the codes 104 and 106, which together can grant access to the records database
316, are not associated with each other in any single database. Instead, the ID number code
104 and biometric code 106 can be matched to stored ID and biometric codes in ID database
304 and biometric database 306, respectively, to verify that the codes 104 and 106 are valid.
Then, as in the previous method, the ID and biometric codes can be inputted as shown with
lines 108 and 110 into an access code calculator 302 where the codes 104 and 106 can be
combined with an algorithm, such as, e.g., that shown in table 1, to produce a special access
code 304. Access code 304 can then be stored in an access code database 320.

Before granting access to the records database 316, the special access code 304, just 
calculated by the access code calculator 302, can be inputted into access code database 320 
where the calculated access code 304 can be compared to stored access codes and verified by 
matching the calculated access code to access codes stored in the access code database 320. 
This comparison/verification confirms the identity of the requesting individual since only one 
unique access code can be generated by combining the ID code 104 and biometric code 106. 
The access code can then be provided to the records database 316 as shown by line 322.

The central record database 316 itself does not contain any names or other identifying
information beyond the special access code 304. If an approved access code 322 is generated,
then an individual record associated with the access code 322 can be accessed from the record
database 316. Once a record has been accessed via an approved access code 322, the record
can be delivered/transmitted 308 with the access code 322 to an access code match module
310 which can also receive an ID code and access code 306 from the access code calculator
302. Access code match module 310 can then associate the individual record with the ID.
Access code match module 310 can then transmit the ID and individual record 312 to an
individual record with ID temporary storage module 314 which can then be accessed by the
authorized requesting individual as shown by line 318. Thus the individual record can be
sent back to the requesting individual with the original ID code 104 for identification
purposes. No other identifiable information, including the special access code 320, need be
transmitted back. After the individual record is downloaded and has been used, it can be
eliminated or destroyed at the local level to maintain privacy requirements, e.g., using an
automatic routine.

FIG. 4 illustratively depicts a block diagram of another method 400 that increases
security of records database 316 even further by eliminating the ID database 304 and
biometric database 306 altogether. As in the method 300 described above with reference to
FIG. 3, the technique of method 400 combines the ID number code 104 and biometric code
106 with an algorithm to produce a unique special access code 304. If the special access code
304 matches an approved code in access code database 320, then access can be granted to the
particular record associated with the valid special access code 322. The technique can
continue as described with reference to FIG. 3.

The method 400 of FIG. 4 can provide additional security over method 300 by not
maintaining an ID database 304 and biometric database 306 that could possibly be
compromised. Method 400 works on the premise that biometric codes 106 are unique
throughout the human population and can therefore be used, with the ID code 104, to generate
unique access codes 304. Special access codes 304 can be confirmed as valid by the access
code database 320 if they correspond to a particular code stored in the access code database
320. As in the above described methods 200 and 300, that also use access codes 204 and 304,
the special access codes 204 and 304 are not known outside the central records database 316
or perhaps the access code database 320. Similar steps for transmitting records back to the
requesting site can also be followed.

In all the above-described methods, a protected record cannot be entered or accessed 
from the central database 216 and 316 unless a valid ID code 104 and one or more valid 
106 can be time-stamped in order to protect against fraud and to insure only current requests
are approved (to prevent biometric re-use from illegally intercepted transmissions). 

Each individual, who participates in the central database 216 and 316, provides, e.g., 
via a transducer, one or more physical biometric characteristic samples such as, e.g., a voice 
sample, fingerprint, or a signature. These samples can be digitally encoded, can be attached, 
can possibly be placed in an encrypted form, and can be associated with a person's entire 
record in the central database. Alternatively, as described in methods 200, 300 and 400, 
special access codes 204 and 304 can be generated/calculated when a record is initially
created or modified via an algorithm that combines [illegible]
ID code 104. Although unknown to the individual, these special access codes 204 and 304
can be attached to the record and, in one embodiment, can only be generated via the correct ID
code 104 and biometric code 106.

If an individual loses or forgets the individual's ID ([illegible]
magnetic and smart card systems), the ID code 104 can be recreated by a system
that, in one embodiment, accepts two or more biometric codes, or other enhanced identity
verification, to provide a highly accurate procedure to confirm an individual's identity.

Access to records can be restricted in accordance with pre-established instructions
mandated by the individual. For example, some individuals can be more interested in
medical personnel having ready access to their record and can specify instructions consistent
with this desire. In addition, some individuals may be concerned about the privacy of certain
parts of their medical history, but not other parts, and can therefore, e.g., specify instructions
consistent with these concerns. People that have approval or authorization from an individual
can be provided, in one embodiment, the ability to access that individual's record via that
individual's ID and their own biometric identifier code or codes. Approved people can
produce a special access code 204 and 304, if required, that could grant them access to a 
particular individual's records. In one embodiment, an authorized person can, e.g., by using 
the individual's ID and their own biometric characteristic codes, be granted access to a 
particular individual's records. The use of biometric codes can also provide an added level 
of security by, e.g., allowing precise tracking of who has accessed an individual's records 
over a period of time. 

Separately, access to the central records database 216 and 316 can be rendered 
harmless to privacy concerns, because names and other common forms of information used to 
identify individuals are absent from the medical records database 316. This feature provides
an added benefit to researchers, such as, e.g., epidemiological and clinical medical researchers
in a medical records database, who can be given access to the central database 216 and 316
without risk of identifying particular individuals since any identification data is encoded, 
encrypted or not even in a readily accessible form. 

To authorize access to records with a highest level of protection, the present invention 
can require the physical presence of the individual to provide biometric code 106 input. In 
such an embodiment, a transducer associated with the entry terminal at which the request is 
made, can transduce and encode the physical biometric characteristics 106 of the person 
whose protected record is sought and who is authorizing the request. As described before, the 
biometric code or codes 106 can also be time-stamped for additional security. Additionally, 
the records themselves in the central records database 216 and 316 can be encrypted. 

In one embodiment, following establishment of central record databases 216 and 316, 
some organizations can be authorized to continue to maintain their own separate databases for 
records that they generate, and, subject to agreement by the individual, can continue to control 
access to their respective databases. In one embodiment records that are in a central database
216 and 316 can also, subject to agreement by the individual, be stored in the database of the
organization that generates the record such as, e.g., a healthcare provider, or a financial
organization. The separately stored records can be accessible by the organization without
requiring the biometric identifier code 106, i.e., if the individual agrees to such access.

While the invention has been described in terms of a preferred embodiment, those 
skilled in the art will recognize that the invention can be practiced with modification within 
the spirit and scope of the appended claims. Particularly, while the invention has been 
described in connection with protecting an individual's records in a medical record database, it
will be appreciated that the invention is applicable to the protection of an individual's records
in any database. 






WO 00/26823    PCT/US99/26090



Claims 

Having thus described my invention, what I claim as new and desire to secure by 
Letters Patent is as follows: 



1. A method for maintaining an individual's record in a record database with access
to the record controlled by the individual, comprising the steps of:
    linking a plurality of data input/output terminals to a record database via a network;
    assigning each individual an ID number code;
    transducing an identifying characteristic of each individual to a digital identifying
    characteristic code;
    storing said ID number code and said digital identifying characteristic code in an ID
    and identifying code database;
    storing an individual's record in said record database accessible by an ID code;
    querying said record database from one of said plurality of data input/output terminals
    by transmitting a query that includes said ID number code, and said identifying
    characteristic code;
    comparing said ID number code and said identifying characteristic code transmitted in
    said querying step with said identifying characteristic code and said ID number code
    stored in said ID and identifying code database;
    transmitting said record to said one of said plurality of data input/output terminals in
    response to said querying step only if the codes compared in said comparing step match
    within predetermined limits.

2. The method according to claim 1 wherein said record database is maintained in
encrypted form.

3. The method according to claim 1 wherein said record database is a national
medical record database.

4. The method according to claim 1 wherein said record database is a national record
database established by a government agency or mandated by a government or by a
government agency.

5. The method according to claim 1 wherein said record database is a medical record
database.

6. The method according to claim 1 wherein said record database is a national
medical record database established by a government agency or mandated by a government or
by a government agency.

7. The method according to claim 1 including the further step of entering and/or
updating a record in response to said addressing step only if the codes compared in said step
match within a predetermined time period.

8. The method according to claim 1 wherein said plurality of data inputs/output
terminals are linked to said record database by a wide area, publicly accessible network.

9. The method according to claim 8 wherein said network utilizes the Internet
and/or worldwide web.

10. The method according to claim 1 wherein said transducing step is carried out
contemporaneously with said addressing step.

11. The method according to claim 7 wherein said transducing step is carried out
contemporaneously with said addressing step.

12. The method according to claim 8 wherein said transducing step is carried out
contemporaneously with said addressing step.

13. The method according to claim 9 wherein said transducing step is carried out
contemporaneously with said addressing step.

14. The method according to claim 2 wherein said record database is a national
medical record database.

15. The method according to claim 2 wherein said record database is a national
record database established by a government agency or mandated by a government or by a
government agency.

16. The method according to claim 2 wherein said record database is a medical
record database.

17. The method according to claim 2 wherein said record database is a national
medical record database established by a government agency or mandated by a government or
by a government agency.

18. The method according to claim 2 including the further step of entering and/or
updating a record in response to said addressing step only if the codes compared in said step
match within a predetermined time period.

19. The method according to claim 2 wherein said plurality of data inputs/output
terminals are linked to said record database by a wide area, publicly accessible network.

20. The method according to claim 19 wherein said network utilizes the Internet
and/or the worldwide web.

21. The method according to claim 2 wherein said transducing step is carried out
contemporaneously with said addressing step.

22. The method according to claim 18 wherein said transducing step is carried out
contemporaneously with said addressing step.

23. The method according to claim 19 wherein said transducing step is carried out
contemporaneously with said addressing step.

24. The method according to claim 20 wherein said transducing step is carried out
contemporaneously with said addressing step.

25. A method for maintaining an individual's record in a record database with access
to the record controlled by the individual, comprising the steps of:
    linking a plurality of data input/output terminals to a record database via a network;
    assigning each individual an ID number code;
    transducing an identifying characteristic of each individual to a digital identifying
    characteristic code;
    storing said ID number code and said digital identifying characteristic code in an ID
    and identifying code database;
    calculating an access code by algorithmically combining said ID number code and
    said digital identifying characteristic code;
    storing an individual's record in said record database accessible by said access code;
    querying said record database from one of said plurality of data input/output terminals
    by transmitting a query that includes
        sending a query ID number code, and a query digital identifying characteristic
        code,
        calculating a query access code by algorithmically combining said query ID
        number code and said query digital identifying characteristic code, and
        retrieving a query record from said record database using said query access
        code;
    comparing said query ID number code and said query identifying characteristic code
    transmitted in said querying step with said identifying characteristic code and said ID
    number code stored in said ID and identifying code database;
    transmitting said record with said ID number code to said one of said plurality of data
    input/output terminals in response to said querying step only if the codes compared in
    said comparing step match within predetermined limits.

26. A method for maintaining an individual's record in a record database with access
to the record controlled by the individual, comprising the steps of:
    linking a plurality of data input/output terminals to a record database via a network;
    assigning each individual an ID number code;
    storing said ID number code in an ID database;
    transducing an identifying characteristic of each individual to a digital identifying
    characteristic code;
    storing said digital identifying characteristic code in an identifying characteristics code
    database;
    calculating an access code by algorithmically combining said ID number code and
    said digital identifying characteristic code;
    storing said access code in an access code database;
    storing an individual's record in said record database accessible by said access code;
    querying said record database from one of said plurality of data input/output terminals
    by transmitting a query that includes
        sending a query ID number code, and a query digital identifying characteristic
        code,
        calculating a query access code by algorithmically combining said query ID
        number code and said query digital identifying characteristic code, and
        retrieving a query record from said record database using said query access
        code;
    comparing said query ID number code with said ID number stored in said ID database
    and comparing said query identifying characteristic code with said identifying
    characteristic code stored in said identifying characteristic code database;
    comparing said query access code with said access code stored in said access code
    database;
    transmitting said record along with said ID number code to said one of said plurality
    of data input/output terminals in response to said querying step only if the codes
    compared in said comparing steps match within predetermined limits.

27. A method for maintaining an individual's record in a record database with access
to the record controlled by the individual, comprising the steps of:
    linking a plurality of data input/output terminals to a record database via a network;
    assigning each individual an ID number code;
    transducing an identifying characteristic of each individual to a digital identifying
    characteristic code;
    calculating an access code by algorithmically combining said ID number code and
    said digital identifying characteristic code;
    storing said access code in an access code database;
    storing an individual's record in said record database accessible by said access code;
    querying said record database from one of said plurality of data input/output terminals
    by transmitting a query that includes
        sending a query ID number code, and a query digital identifying characteristic
        code,
        calculating a query access code by algorithmically combining said query ID
        number code and said query digital identifying characteristic code, and
        retrieving a query record from said record database using said query access
        code;
    comparing said query access code with said access code stored in said access code
    database;
    transmitting said record along with said ID number code to said one of said plurality
    of data input/output terminals in response to said querying step only if the codes
    compared in said comparing step match within predetermined limits.
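
The following is an added illustration, not part of the patent text, of the comparison in claim 1 combined with the time-stamped biometric code from the description and an access-code lookup of the kind recited in claims 25 to 27. The 64-bit code, the Hamming-distance limit, the 30-second window, the SHA-256 combining function and all names are assumptions; because a hash of a noisy reading would not reproduce the stored access code, this example derives the lookup key from the enrolled code once the reading has matched within limits.

```python
import hashlib

HAMMING_LIMIT = 6      # assumed "predetermined limit", in differing bits
MAX_AGE_SECONDS = 30   # assumed validity window for a time-stamped code

id_db = {}      # ID number code -> enrolled 64-bit identifying characteristic code
record_db = {}  # access code -> record


def access_code(id_code: str, bio_code: int) -> str:
    """Assumed combining algorithm: SHA-256 over the ID and the 64-bit code."""
    return hashlib.sha256(id_code.encode() + bio_code.to_bytes(8, "big")).hexdigest()


def enroll(id_code: str, bio_code: int, record: str) -> None:
    id_db[id_code] = bio_code
    record_db[access_code(id_code, bio_code)] = record


def query(id_code: str, bio_code: int, stamped_at: int, now: int):
    """Return the record only if the ID, the reading and its time stamp all pass."""
    enrolled = id_db.get(id_code)
    if enrolled is None:
        return None  # unknown ID number code
    if not 0 <= now - stamped_at <= MAX_AGE_SECONDS:
        return None  # stale or future-dated reading
    if bin(enrolled ^ bio_code).count("1") > HAMMING_LIMIT:
        return None  # reading differs from the enrolled code beyond the limit
    # A hash of the noisy reading would not equal the stored key, so the
    # lookup uses the enrolled code that the reading has just matched.
    return record_db.get(access_code(id_code, enrolled))


# Constructed sample data, not taken from the patent.
SAMPLE_ID = "ID-000123"
ENROLLED = 0x9F3A5C7E12B4D608
enroll(SAMPLE_ID, ENROLLED, "constructed record")

if __name__ == "__main__":
    print(query(SAMPLE_ID, ENROLLED ^ 0b111, 1000, 1005))   # 3 bits of sensor noise
    print(query(SAMPLE_ID, ENROLLED ^ 0xFFFF, 1000, 1005))  # 16 bits differ
    print(query(SAMPLE_ID, ENROLLED ^ 0b111, 1000, 1100))   # reading is 100 s old
```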